• Title/Summary/Keyword: ICS Protocol


A Study for Integrating ICS Security Logs with Centralized SIEM (Security Information and Event Management) using OPC Protocol (OPC 프로토콜을 활용한 제어시스템 보안로그 전송방법 고찰 및 통합 로그서버 구축방안)

  • Kim, Jaehong;Park, Yongsuk
    • Journal of the Korea Institute of Information and Communication Engineering / v.26 no.8 / pp.1205-1212 / 2022
  • Cyber threats targeting ICS (Industrial Control Systems) have increased drastically over the past decade, and cyber incidents in critical infrastructure such as the energy, gas terminal and petrochemical industries can lead to disaster-level accidents including casualties and large-scale fires. In order to respond effectively to cyber attacks targeting ICS, a multi-layered defense-in-depth strategy that takes the control system architecture into account is necessary. In particular, a centralized security log system integrating OT (Operational Technology) and IT (Information Technology) plays an important role in the ICS incident response plan. The paper suggests a way of implementing a centralized security log system that collects security events and logs using the OPC protocol from Level 0 to Level 5 of the IEC 62443 Purdue Model, in order to integrate ICS security logs with the SIEM (Security Information and Event Management) operated in the IT environment.

Advanced protocol against MITM attacks in Industrial Control System (산업제어시스템에서의 MITM 공격을 방어하기 위해 개선된 프로토콜)

  • Ko, Moo-seong;Oh, Sang-kyo;Lee, Kyung-ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.6 / pp.1455-1463 / 2015
  • If an industrial control system is infected by a malicious worm such as Stuxnet, a national disaster could inevitably be caused. Therefore, most industrial control system defence is focused on network intrusion detection to protect against these threats. The conventional method is effective for monitoring network traffic and detecting anomalous patterns, but attacks that use the MITM technique with normal traffic patterns are difficult to detect. This study analyzes the PROFINET/DCP protocol and its weaknesses using data collected from a real industrial control system. It then adds an authentication data field to secure the protocol and examines its applicability. The improved protocol may prevent a national disaster and defend against MITM attacks.

Interference Cancellation Scheme for Three-hop Cooperative Relay Networks

  • Zhang, Yinghua;Wang, Lei;Liu, Jian;Peng, Yunfeng
    • KSII Transactions on Internet and Information Systems (TIIS) / v.13 no.9 / pp.4446-4462 / 2019
  • In this paper, we focus on interference cancellation for three-hop cognitive radio networks (CRNs) over Rayleigh fading channels. In CRNs, secondary users (SUs) are allowed to opportunistically utilize the licensed spectrum during the idle time of primary users (PUs) to achieve spectrum sharing. However, the SUs may be power constrained to avoid interference and thus cover a very short transmission range. We here propose an interference cancellation scheme (ICS) for three-hop CRNs to prolong the transmission range of SUs and improve their transmission efficiency. In the proposed scheme, a flexible transmission protocol is adopted to cancel the interference at both secondary relays and destinations at the same time. A closed-form expression for the secondary outage probability over Rayleigh fading channels is derived to measure the system performance. Simulation results show that the proposed scheme can significantly reduce the secondary outage probability and increase the secondary diversity in comparison with the traditional cases.

Evolution of Standards Information Retrieval Services through Semantic Web Technology (시맨틱 웹 기술에 의한 표준 정보 검색 서비스의 진화)

  • Jeong, Han-Min;Lee, Mi-Gyeong;Kim, Pyeong;Lee, Seung-U;Seong, Won-Gyeong;Kim, Tae-Wan;Lee, Jong-Seop
    • Proceedings of the Korea Society for Industrial Systems Conference / 2008.10b / pp.575-582 / 2008
  • This paper empirically shows how Semantic Web technology can help link the information within the national standards (KS) information retrieval service and improve user accessibility. Existing standards information retrieval services lacked flexibility in term search, so they could not bridge the gap between the terms used in standards information and the terms users enter, and they served mutually related entity information such as standards, organizations, and personnel separately. This situation lowers users' accessibility to the standards information retrieval service. This study proposes a method that supports smooth matching between user terms and the terms in standards information by building a standards terminology dictionary centered on synonyms and related terms, and that links standards-related entities through an ontology and inference. The improved standards information retrieval service provides entity-centric integrated search results so that related information can be viewed on a single web page. For example, the result page for a particular KS standard serves a combination of various related information that previously could not be obtained directly through DB access or a search engine: the citation status of that KS standard by government standards and organizations, experts on that KS standard, the international standards referenced for harmonization, the network of experts on that KS standard, and the standards terminology dictionary information within that KS standard. For this study, inference over the modeled ontology was performed in a forward-chaining manner at the time standards information was loaded into OntoFrame, a Semantic Web-based service framework, and the service could be delivered at the speed of a general search service using SPARQL (SPARQL Protocol and RDF Query Language), the standard ontology query language.


Research Trends of SCADA Digital Forensics and Future Research Proposal (SCADA 디지털포렌식 동향과 향후 연구 제안)

  • Shin, Jiho;Seo, Jungtaek
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.6 / pp.1351-1364 / 2019
  • When SCADA is exposed to cyber threats and attacks, serious disasters can occur throughout society. This is because various security threats were not considered when SCADA was built. The bigger problem is that it is difficult to patch vulnerabilities quickly because of availability requirements. Digital forensics procedures and techniques need to be used to analyze and investigate vulnerabilities in SCADA systems in order to respond quickly to cyber threats and to prevent incidents. This paper addresses a SCADA forensics taxonomy and research trends for effective digital forensics investigation of SCADA systems. As a result, we have not been able to find any research whose procedures and methodologies go far beyond traditional digital forensics. It is nonetheless meaningful to develop an approach methodology that uses the characteristics of the SCADA system, or a dedicated tool for SCADA. Analysis techniques mainly focused on the PLC and the SCADA network protocol, because the cyber threats and attacks targeting SCADA are mostly related to the PLC or the network protocol. Such research seems likely to continue in the future. Unfortunately, there is a lack of discussion in past research about 'evidence capability', such as the preservation or integrity of the evidence extracted from a SCADA system.

A Study on the Implementation of PC Interface for Packet Terminal of ISDN (ISDN 패킷 단말기용 PC 접속기 구현에 관한 연구)

  • 조병록;박병철
    • The Journal of Korean Institute of Communications and Information Sciences / v.16 no.12 / pp.1336-1347 / 1991
  • In this paper, the PC interface for an ISDN packet terminal is designed and implemented in order to build packet communication networks that share computer resources and exchange information between computers in the ISDN environment. The PC interface for the ISDN packet terminal consists of an S interface handler part, which controls the functions of ISDN layer 1 and layer 2, and a packet handler part, which controls the services of the X.25 protocol at the packet level. Here, the ISDN layer 1 function provides the rules for electrical and mechanical characteristics and services for ISDN layer 2. The ISDN layer 2 function provides the LAPD procedure and services for X.25. X.25 specifies the interface between DCE and DTE for terminals operating in packet mode. The S interface handler part is organized around Am79C30 ICs manufactured by Advanced Micro Devices. The ISDN packet handler part is organized around an AmZ8038 FIFO for the D channel. The common signalling procedure for the D channel is controlled by an Intel 8086 microprocessor. The S interface handler part, based on ISDN layers 1 and 2, is controlled through a mailbox in order to communicate between layers. The ISDN packet handler part is based on a module at the X.25 level. Communication between the S interface handler part and the ISDN packet handler part is organized by an interface controller.
